Expand Compliance Coverage: How to Identify and Manage Compliance

*Attend this webcast and be entered into a draw to win an Apple iPad!*

Organizations increasingly find it difficult to keep up with the ever-growing list of mandates governing how sensitive data is both utilized and protected by the organization. Few organizations have identified all their regulatory mandates, much less have a process for managing compliance with them. Unfortunately, a selective approach to compliance management can lead to costly penalties, valuable information loss and sometimes worse.

Join us for this complimentary 1-hour live webcast, where Chris Noell, TruArx EVP of Product Management, will share his insights on how you can identify which of the close to 500 global data security and privacy regulations TruArx tracks apply to your business and then how you can translate this knowledge into a pragmatic, cost-effective compliance program.

In this session, you will learn about:
• The importance of understanding the regulatory landscape
• Potential obstacles that prevent organizations from managing compliance obligations against all requirements
• How you can quickly and cost-effectively establish a mature IT governance, risk, and compliance program

Any business exec will tell you that “what gets measured gets managed,” but few organizations apply that to their cybersecurity strategy. In this webinar, we’ll talk about why companies should make security analytics & threat analysis part of their ongoing business intelligence and how measuring data leakage could not only save an organization from a costly breach but can help impact the business bottom line.

Open-minded, collaborative, and engaged, Millennials embrace values that can be effectively directed to reduce risk across an organization. While some may view the Millennial spirit as a security liability, with the right support, their views and priorities can actually help cultivate a stronger security mindset within their teams.

In this talk, MJ Kelly explores how to develop security programs that resonate with Millennials. She presents practical approaches that incorporate deeply held priorities of the new generation, while ensuring that experienced team members remain included and engaged. Strategies include determining appropriate incentives, varying motivational focus, and testing new tactics such as gamification and novel information distribution channels to foster a strong security culture throughout the entire organization.

There is only one threat that you need to fight and conquer in 2017. We can write a few lines about how threats are changing or about the dynamic threat landscape. However, let’s spare you the pain of reading the same old blurb and instead let’s do the right thing and share with you the one single, biggest threat facing every single business. It’s been around forever; however, in 2017 exploiting this threat is most certainly going to cause increased financial pain and reputation damage.

Join Amar Singh, CEO of Cyber Management Alliance and founder of the Insights with Cyber Leaders series and other distinguished cyber leaders as they lay bare the severity of this threat.

Note: 30 Minutes webinar only with 15 minutes of interactive questions from the audience at the end.

After the SFMTA Ransomware attack there are many questions about what is the proper response to such attacks and hackers’ motivations. Based on evidence directly from the hackers behind the recent ransomware attack against San Francisco's Muni, we know what led to the breach. We will be answering your questions about the hackers’ operation, motivations, and victim’s response to this and similar attacks.

2016 was record-setting … and threats aren’t likely to subside in 2017. Let’s reflect on what happened this year and learn about emerging threat landscape trends. A solid understanding of the threat landscape will help you better formulate your defensive strategy and prioritize security initiatives for 2017 and beyond.

This webinar will feature Leo Taddeo, who is uniquely qualified to present his thoughts on the ever-changing threat landscape. Currently Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, software-defined perimeter based security solutions, Leo is former Special Agent in Charge of the Special Operation/Cyber Division of the FBI’s New York office. Leo is a frequent cybersecurity source for business, IT security and global news outlets, such as: Bloomberg, CNBC, CSO Online, Dark Reading, Fortune, New York Times, Washington Post and more.

To close out 2016, we'll be looking at the year in review; the big breaches and notable disclosed vulnerabilities. We'll then use that information to assess the key threats that'll be on the horizon in 2017 and what you can do to protect your organization.

The Distributed Denial of Service (DDoS) attack launched Friday, October 21, against Dyn - one of the largest managed DNS infrastructure providers - was the most destructive attack to date launched from an IoT botnet. The threat of mega attacks launched from infected connected devices is now a reality that dramatically changes the paradigm for mobile and fixed operators whose core infrastructure is susceptible to global attacks that are large enough to significantly disrupt subscriber quality of experience (QoE).

Join us in this webinar to learn:
• The impact of IoT driven DDoS mega attacks
• Architectural approaches to volumetric DDoS mitigation
• How to measure and maintain subscriber quality of experience during an attack

Gartner named CASB the #1 infosecurity technology in 2016. Why is cloud security number one? As users, data and applications move to the cloud and traffic happens off the network, new vectors for malware and threats open up and a new paradigm and breed of security solutions is required: Cloud Access Security Brokers (CASB).

This presentation will demonstrate how to regain visibility and control in your cloud environments, as well as key use cases in the cloud, and how CloudLock works to provide effective security.

Cyber threats are increasing in frequency and complexity, and all industry segments are vulnerable. Join this presentation to learn the advances in identity security and privacy, and how you can protect your organization in 2017.

Presenter:
David Coxe is the CEO of ID DataWeb, Inc. (IDW) and was the Principal Investigator for the Criterion Systems NSTIC pilot program. He is also co-founder of Criterion Systems, a successful IT services contractor that provides information security, cloud computing, software development and other services to civilian agencies, DoD, and the Intelligence community. David has 20 years of identity management experience and is currently very active in the development and implementation of attribute exchange trust frameworks. He co-chaired the Attribute Exchange Working Group (AXWG) at the Open Identity Exchange (OIX) for implementing the business, legal, technical, policy/privacy and assessor/certification requirements for Attribute Exchange (AX) Trust Frameworks.

The landscape that today’s CISOs operate in and the role they fill has fundamentally changed in the last few years. Today, CISOs must understand the technical side of cyber security, as well as enterprise risk management and how both disciplines impact their organization’s ability to successfully conduct business.

Join this presentation to learn about the evolving cyber threat landscape, the challenges for CISOs and the requirements to ensure cyber security throughout their organization.

Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks.

With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as Subresource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.

In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios.

In the past year there were numerous high-profile breaches, including insurance companies, government organizations, kids’ internet gaming, power utilities and dating sites. With the ever-changing landscape of threats and advanced cyber-attacks showing no sign of slowing down, organizations need to be prepared.

As the breadth of corporate information expands, IT security teams face the daunting task of effectively protecting intellectual property, PII data, and PHI data from internal and external threats.

Enter machine learning and security analytics – a technology that is at the top of most everyone’s hot new technologies for 2017, but can this technology detect and help stop cyber-attacks?

Listen to guest speaker Stephan Jou, CTO at Interset, discuss what you need to know for the coming year and predict how user behavior analytics will play in the fight to stop cyber-attacks.

Cyber attacks are on the rise, both in volume and impact, and organizations worldwide are focusing on improving cybersecurity and data protection. A key aspect of this is raising security awareness across the organization. Join this presentation and learn about the role supervisors play in awareness, preparedness and threat mitigation.

We all know that technology plays a role in our everyday life but do you know the extent of that role? Advertising tells us to spend more and more of our life online and embrace technology in our homes, cars and everywhere else a microchip can be placed.

But nowhere is there a message about the consequences of the misuse of that technology. 2016 has seen a rise in the number of incidents involving ransomware, IoT, and simply well-intentioned connectivity gone wrong. That momentum is set to continue into 2017 and beyond.

Although past performance does not guarantee future results, this session will focus on what we have seen this year and what we expect to see in the near future.

Email is the most popular communication tool, as well as the entry point for up to 95% of security breaches. As cyber criminals evolve their techniques, targeted, enterprise-facing email attacks are rapidly increasing, fueled by an almost inexhaustible supply of potential victims and the tremendous profits awaiting successful fraudsters.

This talk will provide an overview of both the technical and psychological principles these criminals take advantage of, shedding light on why traditional defenses continue to fail. We will then describe a set of new defense mechanisms that enable enterprises to stop these attacks and review the results of early experiments with these approaches, which offer a new perspective on ways to prevent email fraud.

Presenter:
Dr. Markus Jakobsson is a security researcher with interests in applied security, ranging from device security to user interfaces. He is one of the main contributors to the understanding of phishing and crimeware, and is currently focusing his efforts on human aspects of security and mobile security.

Cybersecurity threats are evolving more quickly than most organizations can pivot to defend against them. The 2016 IDC report states that “worldwide spending on cybersecurity products and services [is expected] to eclipse $1 trillion for the five-year period from 2017 to 2021” but we still may not be combatting emerging threats in the right ways.

While we’re battling against growing threats from conventional computers, quantum computers are a growing shadow on the threat landscape, and people are already starting to think about how to get ready. Quantum safe options are becoming available, and bring with them new ways of thinking about how to integrate security solutions based on fundamentally different problems. What happens to TLS? What happens to VPN? What happens to PKI? Is your business ready? What potential threats should you be evaluating in your security strategy for 2017?

In this talk, we’ll cover the 360-degree view of becoming quantum resistant. What is a quantum computer? Why will it cause problems for your security systems? How do you use quantum safe security? How does entering the quantum age impact common tools like TLS, VPN, and PKI, and what are the challenges they’ll face? And most importantly, when do you need to worry?

We present a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click-rates of IP-tracked links. Taken together, these techniques enable the world's first automated end-to-end spear phishing campaign generator for Twitter.

The rise of attacks resulting in huge business losses has brought cyber security into the board room. Prior to the Target breach, the board of directors was not very interested in cyber security. However, things have changed, and we see more and more CISOs reporting into the CRO, CFO, or CEO and not the CIO. Put simply, if you report into the board more than once or twice a year you have to be speaking their language.

Cyber breaches have impactful results. In 2015, Target’s CEO Gregg Steinhafel, a 35-year employee of the company with the last six at the helm, was forced to resign in light of the recent holiday-season credit-card security breach that affected 40 million customers.

As a result, we are seeing a major shift in corporate cybersecurity policy. The board of directors is no longer interested in check box compliance. They are understanding their role much better. They are responsible to ensure that cyber controls are in place that protect business assets of the firm in alignment with their risk tolerance.

As the sophistication of encryption and technical defences rises each year, so do the attacks against the people in organizations. Hence the rise in PICNIC = Problem In Chair, Not In Computer.

This session gives an overview of the latest insider threats facing critical infrastructures and how they can compromise air-gapped networks. It provides proactive, preventative and defensive measures to manage the risk, and concludes with a discussion of the responsibilities organizations who manage critical infrastructures have to support national security, the well-being of society and economic prosperity.

’Tis the season of predictions looking ahead to 2017 and paying lip service to the threat landscape. Not a fan of either of those? You’re not alone. Join FireEye in this BrightTalk webinar where we’ll discuss more than just the threats that may or may not be awaiting us in 2017. We’ll discuss real attacker tactics and techniques, along with how you can actually counter the risk they present.

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.